5.3
CVE-2025-52619 - HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure
HCL BigFix SaaS Authentication Service is affected by a sensitive information disclosure. Under certain conditions, error messages disclose sensitive version information about the underlying platform.
4.3
CVE-2025-52620 - HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability
HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format.
5.3
CVE-2025-52621 - HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning
HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. Β The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning.
6.2
CVE-2025-43201 - Apple Music Classical Android May Leak Credentials
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
7.5
CVE-2025-8959 - HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.
5.4
CVE-2025-36088 - IBM TS4500 cross-site scripting
IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosureβ¦
8.4
CVE-2025-43490 - HP Hotkey Support β Escalation of Privilege
A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.
2.6
CVE-2025-55285 - @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetcβ¦
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passedβ¦
6.9
CVE-2025-7961 - KAP 3.6.0 - TCC Bypass
Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass.This issue affects KAP: 3.6.0.
4.3
CVE-2025-8996 - Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0.